CVE-2007-4000 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-4000
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4000

Description: The kadm5_modify_policy_internal function in lib/kadm5/srv/svr_policy.c in the Kerberos administration daemon (kadmind) in MIT Kerberos 5 (krb5) 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy" privilege to execute arbitrary code via unspecified vectors that trigger a write to an uninitialized pointer.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/36438 SUSE http://www.novell.com/linux/security/advisories/2007_19_sr.html ST 1018647 SREASON http://securityreason.com/securityalert/3092 SAID Secunia Advisory: SA26680 Secunia Advisory: SA26728 Secunia Advisory: SA26676 Secunia Advisory: SA26700 Secunia Advisory: SA26783 Secunia Advisory: SA26987 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0858.html MISC MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:174 GENTOO http://www.gentoo.org/security/en/glsa/glsa-200709-01.xml FEDORA CONFIRM http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2007-006.txt CERT-VN 377544 BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/478794/100/0/threaded BID 25533

Return to the previous page.